Friday, June 09, 2006

My New Framebusting Technique is Unstoppable!!!

Don't you just hate it when someone loads your site into their own frameset? I do, so I was looking at some poular frame-busting javascripts recently and discovered a few problems with virtually all of them. Most importantly, none of the scripts I found worked properly with the Wordpress story editor, causing an immediate redirect from the edit screen back to the main post screen whenever I tried to edit a story. This was apparently because the preview frame in the editor was loading the framebuster code which is simply included globally in my main site javascript file that holds all my Macromedia rollover and popup window code. Since my Wordpress template uses this javascript include file, it was causing problems. So anyway, I have come up with a super-cool method of framebusting a site that let's you first determine if your page is being loaded from an external domain. Of course, this wasn't an obvious solution at first since, due to Javascript security constraints, you cannot do a search of your parent frame's URL to see if it contains your domain name (or anything else for that matter). However, since we know that any time a search of your parent frame's URL property throws an error, then the parent frame must be loaded from a different domain. Therefore, we can simply write a little framebusting script that takes advantage of this fact like so:

var myDomain = 'somedomain.com';
try{
if(window.top.location.href.search(myDomain)==-1){
if(parent.frames.length!=0) {
window.top.location.replace(document.location.href)
}else if (top.location != self.location){
top.location=self.location;
}
}
}catch(err){
window.top.location.replace(document.location.href)
}


I'm not a javascript guru, so I'm not sure if there are any other issues with this script, but I'm sure the method could be adopted to work with all browsers if it doesn't already. It appears the javascript try/catch syntax is valid for IE5+, Mozilla 1.0, and Netscape 6, so there may be some problems with other browers that will need to be handled by the "onerror" event used in Netscape 3+. If I improve the script with that feature, then I will post it here.

Sunday, June 04, 2006

All your oil are belong to US.


In case you weren't aware, Jinx.com is the place to get all the super-hip hacker apparel to make you look like a true wannabe. Unfortunately, most of their t-shirts only come in black, as if that's some kind of hacker uniform (it's not). I happen to look like ass in black, so I usually take my favorite shirts from Jinx and redo them on white shirts with my epson printer and some iron-on transfer paper. Anyway, one of my favorites is the "All your oil are belong to US" shirt. Some dude just posted this funny picture of George H.W. Bush (AKA: The Decider) wearing one.